MongoDB Atlas provides organizations with an easy way to host and manage data in the cloud. Panther can collect, normalize, and monitor MongoDB Atlas logs to help you identify suspicious activity within your organization in real time. Your normalized data is then retained to power future security investigations in a data lake powered by the cloud-native data platform, Snowflake.
Panther can ingest MongoDB Atlas event logs by querying the MongoDB Atlas Administration API to fetch organization and project events. Some common SIEM use cases for MongoDB Atlas logs include:
Panther’s integration for MongoDB Atlas is fast and simple to configure, allowing you to onboard MongoDB Atlas logs in just a few minutes. Simply select MongoDB Atlas from the list of log sources in the Panther console, generate an Access Key in MongoDB Atlas, and submit your key and credentials into the Panther setup menu.
For more details on onboarding MongoDB Atlas logs or for supported log schema, you can view our MongoDB Atlas documentation here.
As Panther ingests MongoDB Atlas logs, they are parsed, normalized, and stored in a Snowflake security data lake. This allows you to build detections, identify anomalies, and conduct investigations in the context of days, weeks, or months of data.
Panther applies normalization fields to your log records, standardizing names for attributes and empowering you to correlate data across all of your log sources. Panther’s various search tools - such as Query Builder, Data Explorer, and Indicator Search - allow you to investigate your normalized logs for suspicious activity or vulnerabilities. For more information on searching logs, check out our documentation on Investigations & Search.
With Panther, you aren’t confined to rigid detections as seen in many SIEM solutions. Panther is architected around detection-as-code principles, giving you the ability to write Python to define detection logic and to integrate external systems like version control and CI/CD pipelines into your detection engineering processes. This results in powerful, flexible, and reusable scripting of detections for your security team.
Panther fires alerts when your detection rules or policies for MongoDB Atlas are triggered, and integrates with a variety of alert destinations. Alerts can also be sent to alert context or SOAR platforms for more remediation options.
Alerts are categorized by five different severity levels: Info, Low, Medium, High, and Critical. Your security team has the ability to dynamically assign severity based on specific log event attributes.
If you have any questions about configuring, querying, or monitoring MongoDB Atlas logs in Panther, our customer support team is here to help. All customers have access to support via a dedicated Slack channel, email, or in-app messenger.
You can view our documentation on configuring and monitoring MongoDB Atlas logs here, or customers can sign up for the Panther Community to share best practices or custom detections for MongoDB Atlas logs.
With Panther, your team doesn’t have to waste time and resources on operational overhead, pay excessive costs to keep up with the growth of cloud app data or struggle with restrictive detection logic. Panther was founded by a team of security engineers who struggled with other SIEM solutions first-hand, and built an intuitive, cloud-native platform to solve them.
Panther is a cloud-native SIEM built for security operations at scale, offering flexible detection-as-code, intuitive security workflows, and actionable real-time alerts. If you’re searching for a seamless SIEM platform for MongoDB Atlas, request a demo today.